DigitalSide Threat Intel

00000003.exe

First submission 2022-08-03 14:14:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File type: 456.0 KB (466944 bytes)
Compile time: 2021-06-17 14:47:50
MD5: a35383f9431d405cd1164a1ba5c93a2a
SHA1: dc09e242d4a334a70717421a767e2fd76e9f5dec
SHA256: 548a6de77d41a75d8463e4aa3d596caf294b6d5bfbc486dfaccd95b1819a1016
Import Hash : 409f5d6d64eccf1b9873a7c796c3f1ad
Sections 7 .text .rdata .data .tls .gfids .rsrc .reloc
Directories 5 import resource debug tls relocation
Virus Total: 51/71 VT report date: 2022-08-02 17:54:06

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://jg.studio/00000003.exe VirusTotal Report jg.studio VirusTotal Report 2022-08-03 14:14:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x511cc 332288 167dc18bcf3ffcda9e22fe5e6052b69abced4738 722381e679bb1ddb97c2d07b4958b44e
.rdata 0x53000 0x16f22 94208 f8f28e83a845c64aec58ab6dab345299f538dff8 447b6b218f686df4db2cd5ef417cddc4
.data 0x6a000 0x3d44 3584 e6275f8be29b60f37b1bf1ea9893984972a95b11 08aabee4c7c1a225b65f6841c6214873
.tls 0x6e000 0x9 512 aa0d33a0c854e073439067876e932688b65cb6a9 1f354d76203061bfdd5a53dae48d5435
.gfids 0x6f000 0x230 1024 aed548cb6e1f9d978e19cf9baafaf4430ca470b3 d5e2b33bf09b6cca8a373ecc18cc22af
.rsrc 0x70000 0x4b78 19456 0679fc215a6eec6fdf54da2653cdc14e9d26d4a9 8e8cdb523564e3542323c2e028684d34
.reloc 0x75000 0x382c 14848 2e105a8fdac2b6bca5b18f310282ecc064abf26b eaffa515443d7e9a0d23e99dbe48290d

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x72024 9640
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x745cc 1387
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x74b38 62

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Database
\key3.db
Text
\sysinfo.txt
licence_code.txt
Library
mscoree.dll
KERNEL32.dll
SHELL32.dll
WINMM.dll
ADVAPI32.dll
WS2_32.dll
USER32.dll
SHLWAPI.dll
Powrprof.dll
PSAPI.DLL
gdiplus.dll
ntdll.dll
urlmon.dll
GDI32.dll

Import functions

Function Address Souspicious Anti Debug
StrToIntA 0x453320
PathFileExistsA 0x453324
PathFileExistsW 0x453328
Function Address Souspicious Anti Debug
URLDownloadToFileW 0x453460
URLOpenBlockingStreamW 0x453464
Function Address Souspicious Anti Debug
DeleteFileA 0x4530b0
CopyFileW 0x4530b4
SizeofResource 0x4530b8
FindResourceA 0x4530bc
CreateMutexA 0x4530c0
GetLocaleInfoA 0x4530c4
CreateToolhelp32Snapshot 0x4530c8
OpenMutexA 0x4530cc
Process32NextW 0x4530d0
LockResource 0x4530d4
Process32FirstW 0x4530d8
LoadResource 0x4530dc
GetTempPathW 0x4530e0
OpenProcess 0x4530e4
lstrcatW 0x4530e8
GetCurrentProcessId 0x4530ec
GetTempFileNameW 0x4530f0
GetCurrentProcess 0x4530f4
GlobalAlloc 0x4530f8
GlobalLock 0x4530fc
GetTickCount 0x453100
GlobalUnlock 0x453104
WriteProcessMemory 0x453108
VirtualAlloc 0x45310c
ResumeThread 0x453110
GetThreadContext 0x453114
VirtualAllocEx 0x453118
ReadProcessMemory 0x45311c
CreateProcessW 0x453120
SetThreadContext 0x453124
LocalAlloc 0x453128
GlobalFree 0x45312c
MulDiv 0x453130
GetLongPathNameW 0x453134
SetFilePointer 0x453138
GetModuleFileNameA 0x45313c
lstrcpynA 0x453140
AllocConsole 0x453144
QueryPerformanceFrequency 0x453148
QueryPerformanceCounter 0x45314c
EnterCriticalSection 0x453150
LeaveCriticalSection 0x453154
InitializeCriticalSection 0x453158
ExpandEnvironmentStringsA 0x45315c
HeapSize 0x453160
WriteConsoleW 0x453164
SetStdHandle 0x453168
GetProcessHeap 0x45316c
SetEnvironmentVariableW 0x453170
SetEnvironmentVariableA 0x453174
FreeEnvironmentStringsW 0x453178
GetEnvironmentStringsW 0x45317c
GetCommandLineW 0x453180
GetCommandLineA 0x453184
GetOEMCP 0x453188
IsValidCodePage 0x45318c
FindFirstFileExA 0x453190
ReadConsoleW 0x453194
GetConsoleMode 0x453198
GetConsoleCP 0x45319c
FlushFileBuffers 0x4531a0
GetFileType 0x4531a4
GetTimeZoneInformation 0x4531a8
EnumSystemLocalesW 0x4531ac
GetUserDefaultLCID 0x4531b0
IsValidLocale 0x4531b4
GetTimeFormatW 0x4531b8
GetDateFormatW 0x4531bc
HeapReAlloc 0x4531c0
HeapAlloc 0x4531c4
GetACP 0x4531c8
GetStdHandle 0x4531cc
GetModuleHandleExW 0x4531d0
MoveFileExW 0x4531d4
RtlUnwind 0x4531d8
RaiseException 0x4531dc
LoadLibraryExW 0x4531e0
FreeLibrary 0x4531e4
GetCPInfo 0x4531e8
GetStringTypeW 0x4531ec
GetLocaleInfoW 0x4531f0
LCMapStringW 0x4531f4
FindNextFileA 0x4531f8
FindFirstFileA 0x4531fc
MapViewOfFileEx 0x453200
CreateFileMappingA 0x453204
GetProcAddress 0x453208
LoadLibraryA 0x45320c
GetFileSize 0x453210
TerminateThread 0x453214
SetFileAttributesW 0x453218
GetLastError 0x45321c
GetModuleHandleA 0x453220
RemoveDirectoryW 0x453224
CreateDirectoryW 0x453228
FindClose 0x45322c
MoveFileW 0x453230
SetFilePointerEx 0x453234
GetLogicalDriveStringsA 0x453238
DeleteFileW 0x45323c
GetFileAttributesW 0x453240
lstrlenA 0x453244
GetDriveTypeA 0x453248
FindNextFileW 0x45324c
GetFileSizeEx 0x453250
FindFirstFileW 0x453254
ExitProcess 0x453258
CreateProcessA 0x45325c
PeekNamedPipe 0x453260
CreatePipe 0x453264
TerminateProcess 0x453268
ReadFile 0x45326c
HeapFree 0x453270
HeapCreate 0x453274
CreateEventA 0x453278
GetLocalTime 0x45327c
CreateThread 0x453280
SetEvent 0x453284
WaitForSingleObject 0x453288
Sleep 0x45328c
GetModuleFileNameW 0x453290
CloseHandle 0x453294
ExitThread 0x453298
CreateFileW 0x45329c
WriteFile 0x4532a0
DeleteCriticalSection 0x4532a4
CompareStringW 0x4532a8
TlsFree 0x4532ac
TlsSetValue 0x4532b0
TlsGetValue 0x4532b4
TlsAlloc 0x4532b8
InitializeCriticalSectionAndSpinCount 0x4532bc
SetLastError 0x4532c0
MultiByteToWideChar 0x4532c4
DecodePointer 0x4532c8
EncodePointer 0x4532cc
WideCharToMultiByte 0x4532d0
InitializeSListHead 0x4532d4
GetSystemTimeAsFileTime 0x4532d8
GetCurrentThreadId 0x4532dc
IsProcessorFeaturePresent 0x4532e0
GetStartupInfoW 0x4532e4
SetUnhandledExceptionFilter 0x4532e8
UnhandledExceptionFilter 0x4532ec
IsDebuggerPresent 0x4532f0
GetModuleHandleW 0x4532f4
CreateEventW 0x4532f8
WaitForSingleObjectEx 0x4532fc
ResetEvent 0x453300
SetEndOfFile 0x453304
Function Address Souspicious Anti Debug
GdiplusStartup 0x453434
GdipGetImageEncoders 0x453438
GdipCloneImage 0x45343c
GdipAlloc 0x453440
GdipDisposeImage 0x453444
GdipFree 0x453448
GdipGetImageEncodersSize 0x45344c
GdipSaveImageToStream 0x453450
GdipSaveImageToFile 0x453454
GdipLoadImageFromStream 0x453458
Function Address Souspicious Anti Debug
WSAGetLastError 0x453408
gethostbyname 0x45340c
htons 0x453410
inet_ntoa 0x453414
closesocket 0x453418
recv 0x45341c
connect 0x453420
socket 0x453424
send 0x453428
WSAStartup 0x45342c
Function Address Souspicious Anti Debug
RegEnumValueW 0x453000
CryptAcquireContextA 0x453004
CryptGenRandom 0x453008
CryptReleaseContext 0x45300c
GetUserNameW 0x453010
RegEnumKeyExA 0x453014
QueryServiceStatus 0x453018
CloseServiceHandle 0x45301c
OpenSCManagerW 0x453020
OpenSCManagerA 0x453024
ControlService 0x453028
StartServiceW 0x45302c
QueryServiceConfigW 0x453030
ChangeServiceConfigW 0x453034
OpenServiceW 0x453038
EnumServicesStatusW 0x45303c
AdjustTokenPrivileges 0x453040
LookupPrivilegeValueA 0x453044
OpenProcessToken 0x453048
RegCreateKeyA 0x45304c
RegCloseKey 0x453050
RegQueryInfoKeyW 0x453054
RegQueryValueExA 0x453058
RegCreateKeyExW 0x45305c
RegEnumKeyExW 0x453060
RegSetValueExW 0x453064
RegSetValueExA 0x453068
RegOpenKeyExA 0x45306c
RegOpenKeyExW 0x453070
RegCreateKeyW 0x453074
RegDeleteValueW 0x453078
RegQueryValueExW 0x45307c
RegDeleteKeyA 0x453080
Function Address Souspicious Anti Debug
PlaySoundW 0x4533dc
mciSendStringA 0x4533e0
mciSendStringW 0x4533e4
waveInClose 0x4533e8
waveInAddBuffer 0x4533ec
waveInStart 0x4533f0
waveInOpen 0x4533f4
waveInUnprepareHeader 0x4533f8
waveInPrepareHeader 0x4533fc
waveInStop 0x453400
Function Address Souspicious Anti Debug
ShellExecuteW 0x45330c
ShellExecuteExA 0x453310
Shell_NotifyIconA 0x453314
ExtractIconA 0x453318
Function Address Souspicious Anti Debug
GetWindowTextW 0x453330
wsprintfW 0x453334
GetClipboardData 0x453338
UnhookWindowsHookEx 0x45333c
GetForegroundWindow 0x453340
ToUnicodeEx 0x453344
GetKeyboardLayout 0x453348
SetWindowsHookExA 0x45334c
CloseClipboard 0x453350
OpenClipboard 0x453354
GetKeyboardState 0x453358
CallNextHookEx 0x45335c
GetKeyState 0x453360
GetMessageA 0x453364
GetWindowThreadProcessId 0x453368
SetForegroundWindow 0x45336c
SetClipboardData 0x453370
EnumWindows 0x453374
ExitWindowsEx 0x453378
EmptyClipboard 0x45337c
ShowWindow 0x453380
SetWindowTextW 0x453384
MessageBoxW 0x453388
IsWindowVisible 0x45338c
CloseWindow 0x453390
SendInput 0x453394
mouse_event 0x453398
DispatchMessageA 0x45339c
TranslateMessage 0x4533a0
GetWindowTextLengthW 0x4533a4
TrackPopupMenu 0x4533a8
DrawIcon 0x4533ac
GetSystemMetrics 0x4533b0
GetIconInfo 0x4533b4
SystemParametersInfoW 0x4533b8
CreatePopupMenu 0x4533bc
GetCursorPos 0x4533c0
DefWindowProcA 0x4533c4
CreateWindowExA 0x4533c8
AppendMenuA 0x4533cc
RegisterClassExA 0x4533d0
GetKeyboardLayoutNameA 0x4533d4
Function Address Souspicious Anti Debug
SelectObject 0x453088
CreateCompatibleDC 0x45308c
StretchBlt 0x453090
GetDIBits 0x453094
DeleteDC 0x453098
DeleteObject 0x45309c
CreateDCA 0x4530a0
GetObjectA 0x4530a4
CreateCompatibleBitmap 0x4530a8

Related files by ImpHash 1 409f5d6d64eccf1b9873a7c796c3f1ad

Name Latest seen MD5
gggggg.exe 2022-08-03 20:11:02 f61c74deae0ce023bf2231e030edb7ab